Crime & Justice

Feds reveal California was one of the states targeted by Russian election hackers

Russian-backed hackers targeted election systems in 21 states but federal officials had not told state election officials which states were targeted until now.
Tami Chapell/AFP/Getty Images

Pam Fessler | NPR|September 23, 2017

Updated at 8:15 p.m. ET

One of the public's unanswered questions about Russia's attempts to break into election systems last year was which states were targeted. On Friday, states found out.

The Department of Homeland Security said earlier this year that it had evidence of Russian activity in 21 states, but it failed to inform individual states whether they were among those targeted. Instead, DHS authorities say they told those who had "ownership" of the systems — which in some cases were private vendors or local election offices.

State election officials were finally contacted by federal authorities on Friday about whether their election systems were among those targeted for attack last year by Russian hackers.

State election officials have complained for months that the lack of information from the federal government was hampering their efforts to secure future elections.

"We heard that feedback," says Bob Kolasky, acting deputy undersecretary for DHS's National Protection and Programs Directorate. "We recognize that it is important for senior state election officials to know what happens on their state systems."

On Friday afternoon, DHS placed individual calls to the top election official in each state and six U.S. territories to fill them in on what information the agency has about election hacking attempts in their state last year. It will be up to the election officials to decide whether to share what they learn with the public.

Shortly after the call, Washington Secretary of State Kim Wyman announced that her state's election systems were among those that Russian hackers tried to break into last year, but that they had failed. "There was no successful intrusion and we immediately alerted the Federal Bureau of Investigation of the activities," she said in a statement.

Wyman says the state had security measures in place that detected the attempted intrusion.

The Connecticut Secretary of State's office said that DHS confirmed Russian hackers tried to break into the state's online voter registration system last year but did not succeed. A spokesman for the office said its information technology department detected and blocked the attempted intrusion but did not know who was probing the system.

Officials in California, Oregon and Wisconsin also said they were targeted.

In addition, officials from Alabama, Alaska, Arizona, Colorado, Delaware, Florida, Illinois, Iowa, Maryland, Minnesota, Ohio, Oklahoma, Pennsylvania and Virginia told The Associated Press that their states had been targeted.

Election officials in Georgia, Kansas, Kentucky, Louisiana, New Mexico and North Carolina said their states were not targeted by hackers.

Kolasky says no information was provided in the calls that had not already been shared with others in the state.

"The good news is that, for the most part, most of the things that we saw attempted in 2016 were just that, attempts," he says. "There was nothing that impacted the voting tallies, as we said before, and for the most part, these attempts were not successful in any intrusions into systems."

Only two state election security breaches last year have been made public so far. Hackers were able to gain access to the records of tens of thousands of voters in Illinois' centralized registration database, but there is no sign any records were deleted or changed. Russian hackers also gained access to the password and other credentials of a county elections worker in Arizona. Again there is no evidence that records were altered.

Earlier this year, a leaked National Security Agency report also detailed attempts by Russian military intelligence to infiltrate an election software vendor's computer and to use that information to send emails containing malicious software to up to 122 local election offices. There is no evidence any of those emails were opened.

The National Association of Secretaries of States, which represents most senior state election officials, says it's relieved Friday's calls were finally made.

"Most importantly, DHS acknowledged that they had contacted the wrong people at the state level and will rectify that going forward by communicating with each state's chief election officials," says spokesman Stephen Reed. "Finally finding out this information from DHS allows the chief elections officials to move forward on this matter."

The calls are one sign of an improving relationship between election officials and DHS over how to deal with the cybersecurity threat.

State and local officials balked when Obama Homeland Security Secretary Jeh Johnson said in January he planned to designate elections as part of the nation's critical infrastructure, which meant additional security assistance from the federal government. Election officials feared the federal government would start telling states how to run their elections, which are traditionally under local control.

In recent months, DHS and election officials have been meeting regularly and just last week agreed to set up a 28-member coordinating council — to include three federal agency representatives and 25 state and local election officials — to share security information and assistance.

Also, top election officials in every state and U.S. territory are in the process of getting security clearances so they'll be able to receive classified intelligence about potential threats. Kolasky says he expects the first security clearances to be approved next month.